Apache vs custom authentication & authorization

For the "existing suite of CGI scripts"
mentioned in the earlier thread "Streamlining
login..." it turns out that our Leader
opposes Apache authentication and
authorization. The main objections are,
first, that it takes sysadmin-level
knowledge to add a new user or set up a new
level of privilege, and second, that
authorization is tied to the directory
structure of the affected scripts.

Therefore I'm thinking of a custom-made
approach that would start with a browser form
to be used by an operator to add new
users and indicate which processes they may
run. Then it looks like the CGI::Auth module
or, even better, CGI::Auth::Auto is what to
use for authentication, assuming that I'm
able to maintain its files with the
above-mentioned browser tool. As I
understand it, at the start of every
sensitive script I would call check(),
which would handle the authentication,
including possible session timeout. It
will present a login page of my own design,
right? Then I would be on my own for the
authorization step, i.e. determining whether
this user is allowed to execute this script.
Presumably this would involve checking a
list that would be maintained by the operator
through the same browser tool that that's
used to add users. Anybody see any problems
with this? No news will be good news...

Share This Page

Welcome to The Coding Forums!

Welcome to the Coding Forums, the place to chat about anything related to programming and coding languages.

Please join our friendly community by clicking the button below - it only takes a few seconds and is totally free. You'll be able to ask questions about coding or chat with the community and help others.
Sign up now!